1NAMED.CONF(5) BIND 9 NAMED.CONF(5)
2
3
4
6 named.conf - configuration file for **named**
7
9 named.conf
10
12 named.conf is the configuration file for named. Statements are enclosed
13 in braces and terminated with a semi-colon. Clauses in the statements
14 are also semi-colon terminated. The usual comment styles are sup‐
15 ported:
16
17 C style: /* */
18 C++ style: // to end of line
19
20 Unix style: # to end of line
21
22 ACL
23 acl string { address_match_element; ... };
24
25 CONTROLS
26 controls {
27 inet ( ipv4_address | ipv6_address |
28 * ) [ port ( integer | * ) ] allow
29 { address_match_element; ... } [
30 keys { string; ... } ] [ read-only
31 boolean ];
32 unix quoted_string perm integer
33 owner integer group integer [
34 keys { string; ... } ] [ read-only
35 boolean ];
36 };
37
38 DLZ
39 dlz string {
40 database string;
41 search boolean;
42 };
43
44 DNSSEC-POLICY
45 dnssec-policy string {
46 dnskey-ttl duration;
47 keys { ( csk | ksk | zsk ) [ ( key-directory ) ] lifetime
48 duration_or_unlimited algorithm string [ integer ]; ... };
49 max-zone-ttl duration;
50 nsec3param [ iterations integer ] [ optout boolean ] [
51 salt-length integer ];
52 parent-ds-ttl duration;
53 parent-propagation-delay duration;
54 publish-safety duration;
55 purge-keys duration;
56 retire-safety duration;
57 signatures-refresh duration;
58 signatures-validity duration;
59 signatures-validity-dnskey duration;
60 zone-propagation-delay duration;
61 };
62
63 DYNDB
64 dyndb string quoted_string {
65 unspecified-text };
66
67 KEY
68 key string {
69 algorithm string;
70 secret string;
71 };
72
73 LOGGING
74 logging {
75 category string { string; ... };
76 channel string {
77 buffered boolean;
78 file quoted_string [ versions ( unlimited | integer ) ]
79 [ size size ] [ suffix ( increment | timestamp ) ];
80 null;
81 print-category boolean;
82 print-severity boolean;
83 print-time ( iso8601 | iso8601-utc | local | boolean );
84 severity log_severity;
85 stderr;
86 syslog [ syslog_facility ];
87 };
88 };
89
90 MANAGED-KEYS
91 See DNSSEC-KEYS.
92
93 managed-keys { string ( static-key
94 | initial-key | static-ds |
95 initial-ds ) integer integer
96 integer quoted_string; ... };, deprecated
97
98 MASTERS
99 masters string [ port integer ] [ dscp
100 integer ] { ( remote-servers |
101 ipv4_address [ port integer ] |
102 ipv6_address [ port integer ] ) [ key
103 string ]; ... };
104
105 OPTIONS
106 options {
107 allow-new-zones boolean;
108 allow-notify { address_match_element; ... };
109 allow-query { address_match_element; ... };
110 allow-query-cache { address_match_element; ... };
111 allow-query-cache-on { address_match_element; ... };
112 allow-query-on { address_match_element; ... };
113 allow-recursion { address_match_element; ... };
114 allow-recursion-on { address_match_element; ... };
115 allow-transfer { address_match_element; ... };
116 allow-update { address_match_element; ... };
117 allow-update-forwarding { address_match_element; ... };
118 also-notify [ port integer ] [ dscp integer ] { (
119 remote-servers | ipv4_address [ port integer ] |
120 ipv6_address [ port integer ] ) [ key string ]; ... };
121 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
122 ] [ dscp integer ];
123 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
124 * ) ] [ dscp integer ];
125 answer-cookie boolean;
126 attach-cache string;
127 auth-nxdomain boolean; // default changed
128 auto-dnssec ( allow | maintain | off );
129 automatic-interface-scan boolean;
130 avoid-v4-udp-ports { portrange; ... };
131 avoid-v6-udp-ports { portrange; ... };
132 bindkeys-file quoted_string;
133 blackhole { address_match_element; ... };
134 cache-file quoted_string;// deprecated
135 catalog-zones { zone string [ default-masters [ port integer ]
136 [ dscp integer ] { ( remote-servers | ipv4_address [ port
137 integer ] | ipv6_address [ port integer ] ) [ key
138 string ]; ... } ] [ zone-directory quoted_string ] [
139 in-memory boolean ] [ min-update-interval duration ]; ... };
140 check-dup-records ( fail | warn | ignore );
141 check-integrity boolean;
142 check-mx ( fail | warn | ignore );
143 check-mx-cname ( fail | warn | ignore );
144 check-names ( primary | master |
145 secondary | slave | response ) (
146 fail | warn | ignore );
147 check-sibling boolean;
148 check-spf ( warn | ignore );
149 check-srv-cname ( fail | warn | ignore );
150 check-wildcard boolean;
151 clients-per-query integer;
152 cookie-algorithm ( aes | siphash24 );
153 cookie-secret string;
154 coresize ( default | unlimited | sizeval );
155 datasize ( default | unlimited | sizeval );
156 deny-answer-addresses { address_match_element; ... } [
157 except-from { string; ... } ];
158 deny-answer-aliases { string; ... } [ except-from { string; ...
159 } ];
160 dialup ( notify | notify-passive | passive | refresh | boolean );
161 directory quoted_string;
162 disable-algorithms string { string;
163 ... };
164 disable-ds-digests string { string;
165 ... };
166 disable-empty-zone string;
167 dns64 netprefix {
168 break-dnssec boolean;
169 clients { address_match_element; ... };
170 exclude { address_match_element; ... };
171 mapped { address_match_element; ... };
172 recursive-only boolean;
173 suffix ipv6_address;
174 };
175 dns64-contact string;
176 dns64-server string;
177 dnskey-sig-validity integer;
178 dnsrps-enable boolean;
179 dnsrps-options { unspecified-text };
180 dnssec-accept-expired boolean;
181 dnssec-dnskey-kskonly boolean;
182 dnssec-loadkeys-interval integer;
183 dnssec-must-be-secure string boolean;
184 dnssec-policy string;
185 dnssec-secure-to-insecure boolean;
186 dnssec-update-mode ( maintain | no-resign );
187 dnssec-validation ( yes | no | auto );
188 dnstap { ( all | auth | client | forwarder | resolver | update ) [
189 ( query | response ) ]; ... };
190 dnstap-identity ( quoted_string | none | hostname );
191 dnstap-output ( file | unix ) quoted_string [ size ( unlimited |
192 size ) ] [ versions ( unlimited | integer ) ] [ suffix (
193 increment | timestamp ) ];
194 dnstap-version ( quoted_string | none );
195 dscp integer;
196 dual-stack-servers [ port integer ] { ( quoted_string [ port
197 integer ] [ dscp integer ] | ipv4_address [ port
198 integer ] [ dscp integer ] | ipv6_address [ port
199 integer ] [ dscp integer ] ); ... };
200 dump-file quoted_string;
201 edns-udp-size integer;
202 empty-contact string;
203 empty-server string;
204 empty-zones-enable boolean;
205 fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
206 fetches-per-server integer [ ( drop | fail ) ];
207 fetches-per-zone integer [ ( drop | fail ) ];
208 files ( default | unlimited | sizeval );
209 flush-zones-on-shutdown boolean;
210 forward ( first | only );
211 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
212 | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
213 fstrm-set-buffer-hint integer;
214 fstrm-set-flush-timeout integer;
215 fstrm-set-input-queue-size integer;
216 fstrm-set-output-notify-threshold integer;
217 fstrm-set-output-queue-model ( mpsc | spsc );
218 fstrm-set-output-queue-size integer;
219 fstrm-set-reopen-interval duration;
220 geoip-directory ( quoted_string | none );
221 glue-cache boolean;
222 heartbeat-interval integer;
223 hostname ( quoted_string | none );
224 interface-interval duration;
225 ixfr-from-differences ( primary | master | secondary | slave |
226 boolean );
227 keep-response-order { address_match_element; ... };
228 key-directory quoted_string;
229 lame-ttl duration;
230 listen-on [ port integer ] [ dscp
231 integer ] {
232 address_match_element; ... };
233 listen-on-v6 [ port integer ] [ dscp
234 integer ] {
235 address_match_element; ... };
236 lmdb-mapsize sizeval;
237 lock-file ( quoted_string | none );
238 managed-keys-directory quoted_string;
239 masterfile-format ( map | raw | text );
240 masterfile-style ( full | relative );
241 match-mapped-addresses boolean;
242 max-cache-size ( default | unlimited | sizeval | percentage );
243 max-cache-ttl duration;
244 max-clients-per-query integer;
245 max-ixfr-ratio ( unlimited | percentage );
246 max-journal-size ( default | unlimited | sizeval );
247 max-ncache-ttl duration;
248 max-records integer;
249 max-recursion-depth integer;
250 max-recursion-queries integer;
251 max-refresh-time integer;
252 max-retry-time integer;
253 max-rsa-exponent-size integer;
254 max-stale-ttl duration;
255 max-transfer-idle-in integer;
256 max-transfer-idle-out integer;
257 max-transfer-time-in integer;
258 max-transfer-time-out integer;
259 max-udp-size integer;
260 max-zone-ttl ( unlimited | duration );
261 memstatistics boolean;
262 memstatistics-file quoted_string;
263 message-compression boolean;
264 min-cache-ttl duration;
265 min-ncache-ttl duration;
266 min-refresh-time integer;
267 min-retry-time integer;
268 minimal-any boolean;
269 minimal-responses ( no-auth | no-auth-recursive | boolean );
270 multi-master boolean;
271 new-zones-directory quoted_string;
272 no-case-compress { address_match_element; ... };
273 nocookie-udp-size integer;
274 notify ( explicit | master-only | primary-only | boolean );
275 notify-delay integer;
276 notify-rate integer;
277 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
278 dscp integer ];
279 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
280 [ dscp integer ];
281 notify-to-soa boolean;
282 nta-lifetime duration;
283 nta-recheck duration;
284 nxdomain-redirect string;
285 parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
286 dscp integer ];
287 parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
288 ] [ dscp integer ];
289 pid-file ( quoted_string | none );
290 port integer;
291 preferred-glue string;
292 prefetch integer [ integer ];
293 provide-ixfr boolean;
294 qname-minimization ( strict | relaxed | disabled | off );
295 query-source ( ( [ address ] ( ipv4_address | * ) [ port (
296 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
297 port ( integer | * ) ) ) [ dscp integer ];
298 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
299 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
300 port ( integer | * ) ) ) [ dscp integer ];
301 querylog boolean;
302 random-device ( quoted_string | none );
303 rate-limit {
304 all-per-second integer;
305 errors-per-second integer;
306 exempt-clients { address_match_element; ... };
307 ipv4-prefix-length integer;
308 ipv6-prefix-length integer;
309 log-only boolean;
310 max-table-size integer;
311 min-table-size integer;
312 nodata-per-second integer;
313 nxdomains-per-second integer;
314 qps-scale integer;
315 referrals-per-second integer;
316 responses-per-second integer;
317 slip integer;
318 window integer;
319 };
320 recursing-file quoted_string;
321 recursion boolean;
322 recursive-clients integer;
323 request-expire boolean;
324 request-ixfr boolean;
325 request-nsid boolean;
326 require-server-cookie boolean;
327 reserved-sockets integer;
328 resolver-nonbackoff-tries integer;
329 resolver-query-timeout integer;
330 resolver-retry-interval integer;
331 response-padding { address_match_element; ... } block-size
332 integer;
333 response-policy { zone string [ add-soa boolean ] [ log
334 boolean ] [ max-policy-ttl duration ] [ min-update-interval
335 duration ] [ policy ( cname | disabled | drop | given | no-op
336 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
337 recursive-only boolean ] [ nsip-enable boolean ] [
338 nsdname-enable boolean ]; ... } [ add-soa boolean ] [
339 break-dnssec boolean ] [ max-policy-ttl duration ] [
340 min-update-interval duration ] [ min-ns-dots integer ] [
341 nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
342 [ recursive-only boolean ] [ nsip-enable boolean ] [
343 nsdname-enable boolean ] [ dnsrps-enable boolean ] [
344 dnsrps-options { unspecified-text } ];
345 reuseport boolean;
346 root-delegation-only [ exclude { string; ... } ];
347 root-key-sentinel boolean;
348 rrset-order { [ class string ] [ type string ] [ name
349 quoted_string ] string string; ... };
350 secroots-file quoted_string;
351 send-cookie boolean;
352 serial-query-rate integer;
353 serial-update-method ( date | increment | unixtime );
354 server-id ( quoted_string | none | hostname );
355 servfail-ttl duration;
356 session-keyalg string;
357 session-keyfile ( quoted_string | none );
358 session-keyname string;
359 sig-signing-nodes integer;
360 sig-signing-signatures integer;
361 sig-signing-type integer;
362 sig-validity-interval integer [ integer ];
363 sortlist { address_match_element; ... };
364 stacksize ( default | unlimited | sizeval );
365 stale-answer-client-timeout ( disabled | off | integer );
366 stale-answer-enable boolean;
367 stale-answer-ttl duration;
368 stale-cache-enable boolean;
369 stale-refresh-time duration;
370 startup-notify-rate integer;
371 statistics-file quoted_string;
372 synth-from-dnssec boolean;
373 tcp-advertised-timeout integer;
374 tcp-clients integer;
375 tcp-idle-timeout integer;
376 tcp-initial-timeout integer;
377 tcp-keepalive-timeout integer;
378 tcp-listen-queue integer;
379 tkey-dhkey quoted_string integer;
380 tkey-domain quoted_string;
381 tkey-gssapi-credential quoted_string;
382 tkey-gssapi-keytab quoted_string;
383 transfer-format ( many-answers | one-answer );
384 transfer-message-size integer;
385 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
386 dscp integer ];
387 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
388 ] [ dscp integer ];
389 transfers-in integer;
390 transfers-out integer;
391 transfers-per-ns integer;
392 trust-anchor-telemetry boolean; // experimental
393 try-tcp-refresh boolean;
394 update-check-ksk boolean;
395 use-alt-transfer-source boolean;
396 use-v4-udp-ports { portrange; ... };
397 use-v6-udp-ports { portrange; ... };
398 v6-bias integer;
399 validate-except { string; ... };
400 version ( quoted_string | none );
401 zero-no-soa-ttl boolean;
402 zero-no-soa-ttl-cache boolean;
403 zone-statistics ( full | terse | none | boolean );
404 };
405
406 PARENTAL-AGENTS
407 parental-agents string [ port integer ] [
408 dscp integer ] { ( remote-servers |
409 ipv4_address [ port integer ] |
410 ipv6_address [ port integer ] ) [ key
411 string ]; ... };
412
413 PLUGIN
414 plugin ( query ) string [ { unspecified-text
415 } ];
416
417 PRIMARIES
418 primaries string [ port integer ] [ dscp
419 integer ] { ( remote-servers |
420 ipv4_address [ port integer ] |
421 ipv6_address [ port integer ] ) [ key
422 string ]; ... };
423
424 SERVER
425 server netprefix {
426 bogus boolean;
427 edns boolean;
428 edns-udp-size integer;
429 edns-version integer;
430 keys server_key;
431 max-udp-size integer;
432 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
433 dscp integer ];
434 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
435 [ dscp integer ];
436 padding integer;
437 provide-ixfr boolean;
438 query-source ( ( [ address ] ( ipv4_address | * ) [ port (
439 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
440 port ( integer | * ) ) ) [ dscp integer ];
441 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
442 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
443 port ( integer | * ) ) ) [ dscp integer ];
444 request-expire boolean;
445 request-ixfr boolean;
446 request-nsid boolean;
447 send-cookie boolean;
448 tcp-keepalive boolean;
449 tcp-only boolean;
450 transfer-format ( many-answers | one-answer );
451 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
452 dscp integer ];
453 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
454 ] [ dscp integer ];
455 transfers integer;
456 };
457
458 STATISTICS-CHANNELS
459 statistics-channels {
460 inet ( ipv4_address | ipv6_address |
461 * ) [ port ( integer | * ) ] [
462 allow { address_match_element; ...
463 } ];
464 };
465
466 TRUST-ANCHORS
467 trust-anchors { string ( static-key |
468 initial-key | static-ds | initial-ds )
469 integer integer integer
470 quoted_string; ... };
471
472 TRUSTED-KEYS
473 Deprecated - see DNSSEC-KEYS.
474
475 trusted-keys { string integer
476 integer integer
477 quoted_string; ... };, deprecated
478
479 VIEW
480 view string [ class ] {
481 allow-new-zones boolean;
482 allow-notify { address_match_element; ... };
483 allow-query { address_match_element; ... };
484 allow-query-cache { address_match_element; ... };
485 allow-query-cache-on { address_match_element; ... };
486 allow-query-on { address_match_element; ... };
487 allow-recursion { address_match_element; ... };
488 allow-recursion-on { address_match_element; ... };
489 allow-transfer { address_match_element; ... };
490 allow-update { address_match_element; ... };
491 allow-update-forwarding { address_match_element; ... };
492 also-notify [ port integer ] [ dscp integer ] { (
493 remote-servers | ipv4_address [ port integer ] |
494 ipv6_address [ port integer ] ) [ key string ]; ... };
495 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
496 ] [ dscp integer ];
497 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
498 * ) ] [ dscp integer ];
499 attach-cache string;
500 auth-nxdomain boolean; // default changed
501 auto-dnssec ( allow | maintain | off );
502 cache-file quoted_string;// deprecated
503 catalog-zones { zone string [ default-masters [ port integer ]
504 [ dscp integer ] { ( remote-servers | ipv4_address [ port
505 integer ] | ipv6_address [ port integer ] ) [ key
506 string ]; ... } ] [ zone-directory quoted_string ] [
507 in-memory boolean ] [ min-update-interval duration ]; ... };
508 check-dup-records ( fail | warn | ignore );
509 check-integrity boolean;
510 check-mx ( fail | warn | ignore );
511 check-mx-cname ( fail | warn | ignore );
512 check-names ( primary | master |
513 secondary | slave | response ) (
514 fail | warn | ignore );
515 check-sibling boolean;
516 check-spf ( warn | ignore );
517 check-srv-cname ( fail | warn | ignore );
518 check-wildcard boolean;
519 clients-per-query integer;
520 deny-answer-addresses { address_match_element; ... } [
521 except-from { string; ... } ];
522 deny-answer-aliases { string; ... } [ except-from { string; ...
523 } ];
524 dialup ( notify | notify-passive | passive | refresh | boolean );
525 disable-algorithms string { string;
526 ... };
527 disable-ds-digests string { string;
528 ... };
529 disable-empty-zone string;
530 dlz string {
531 database string;
532 search boolean;
533 };
534 dns64 netprefix {
535 break-dnssec boolean;
536 clients { address_match_element; ... };
537 exclude { address_match_element; ... };
538 mapped { address_match_element; ... };
539 recursive-only boolean;
540 suffix ipv6_address;
541 };
542 dns64-contact string;
543 dns64-server string;
544 dnskey-sig-validity integer;
545 dnsrps-enable boolean;
546 dnsrps-options { unspecified-text };
547 dnssec-accept-expired boolean;
548 dnssec-dnskey-kskonly boolean;
549 dnssec-loadkeys-interval integer;
550 dnssec-must-be-secure string boolean;
551 dnssec-policy string;
552 dnssec-secure-to-insecure boolean;
553 dnssec-update-mode ( maintain | no-resign );
554 dnssec-validation ( yes | no | auto );
555 dnstap { ( all | auth | client | forwarder | resolver | update ) [
556 ( query | response ) ]; ... };
557 dual-stack-servers [ port integer ] { ( quoted_string [ port
558 integer ] [ dscp integer ] | ipv4_address [ port
559 integer ] [ dscp integer ] | ipv6_address [ port
560 integer ] [ dscp integer ] ); ... };
561 dyndb string quoted_string {
562 unspecified-text };
563 edns-udp-size integer;
564 empty-contact string;
565 empty-server string;
566 empty-zones-enable boolean;
567 fetch-quota-params integer fixedpoint fixedpoint fixedpoint;
568 fetches-per-server integer [ ( drop | fail ) ];
569 fetches-per-zone integer [ ( drop | fail ) ];
570 forward ( first | only );
571 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
572 | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
573 glue-cache boolean;
574 ixfr-from-differences ( primary | master | secondary | slave |
575 boolean );
576 key string {
577 algorithm string;
578 secret string;
579 };
580 key-directory quoted_string;
581 lame-ttl duration;
582 lmdb-mapsize sizeval;
583 managed-keys { string (
584 static-key | initial-key
585 | static-ds | initial-ds
586 ) integer integer
587 integer
588 quoted_string; ... };, deprecated
589 masterfile-format ( map | raw | text );
590 masterfile-style ( full | relative );
591 match-clients { address_match_element; ... };
592 match-destinations { address_match_element; ... };
593 match-recursive-only boolean;
594 max-cache-size ( default | unlimited | sizeval | percentage );
595 max-cache-ttl duration;
596 max-clients-per-query integer;
597 max-ixfr-ratio ( unlimited | percentage );
598 max-journal-size ( default | unlimited | sizeval );
599 max-ncache-ttl duration;
600 max-records integer;
601 max-recursion-depth integer;
602 max-recursion-queries integer;
603 max-refresh-time integer;
604 max-retry-time integer;
605 max-stale-ttl duration;
606 max-transfer-idle-in integer;
607 max-transfer-idle-out integer;
608 max-transfer-time-in integer;
609 max-transfer-time-out integer;
610 max-udp-size integer;
611 max-zone-ttl ( unlimited | duration );
612 message-compression boolean;
613 min-cache-ttl duration;
614 min-ncache-ttl duration;
615 min-refresh-time integer;
616 min-retry-time integer;
617 minimal-any boolean;
618 minimal-responses ( no-auth | no-auth-recursive | boolean );
619 multi-master boolean;
620 new-zones-directory quoted_string;
621 no-case-compress { address_match_element; ... };
622 nocookie-udp-size integer;
623 notify ( explicit | master-only | primary-only | boolean );
624 notify-delay integer;
625 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
626 dscp integer ];
627 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
628 [ dscp integer ];
629 notify-to-soa boolean;
630 nta-lifetime duration;
631 nta-recheck duration;
632 nxdomain-redirect string;
633 parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
634 dscp integer ];
635 parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
636 ] [ dscp integer ];
637 plugin ( query ) string [ {
638 unspecified-text } ];
639 preferred-glue string;
640 prefetch integer [ integer ];
641 provide-ixfr boolean;
642 qname-minimization ( strict | relaxed | disabled | off );
643 query-source ( ( [ address ] ( ipv4_address | * ) [ port (
644 integer | * ) ] ) | ( [ [ address ] ( ipv4_address | * ) ]
645 port ( integer | * ) ) ) [ dscp integer ];
646 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [ port (
647 integer | * ) ] ) | ( [ [ address ] ( ipv6_address | * ) ]
648 port ( integer | * ) ) ) [ dscp integer ];
649 rate-limit {
650 all-per-second integer;
651 errors-per-second integer;
652 exempt-clients { address_match_element; ... };
653 ipv4-prefix-length integer;
654 ipv6-prefix-length integer;
655 log-only boolean;
656 max-table-size integer;
657 min-table-size integer;
658 nodata-per-second integer;
659 nxdomains-per-second integer;
660 qps-scale integer;
661 referrals-per-second integer;
662 responses-per-second integer;
663 slip integer;
664 window integer;
665 };
666 recursion boolean;
667 request-expire boolean;
668 request-ixfr boolean;
669 request-nsid boolean;
670 require-server-cookie boolean;
671 resolver-nonbackoff-tries integer;
672 resolver-query-timeout integer;
673 resolver-retry-interval integer;
674 response-padding { address_match_element; ... } block-size
675 integer;
676 response-policy { zone string [ add-soa boolean ] [ log
677 boolean ] [ max-policy-ttl duration ] [ min-update-interval
678 duration ] [ policy ( cname | disabled | drop | given | no-op
679 | nodata | nxdomain | passthru | tcp-only quoted_string ) ] [
680 recursive-only boolean ] [ nsip-enable boolean ] [
681 nsdname-enable boolean ]; ... } [ add-soa boolean ] [
682 break-dnssec boolean ] [ max-policy-ttl duration ] [
683 min-update-interval duration ] [ min-ns-dots integer ] [
684 nsip-wait-recurse boolean ] [ qname-wait-recurse boolean ]
685 [ recursive-only boolean ] [ nsip-enable boolean ] [
686 nsdname-enable boolean ] [ dnsrps-enable boolean ] [
687 dnsrps-options { unspecified-text } ];
688 root-delegation-only [ exclude { string; ... } ];
689 root-key-sentinel boolean;
690 rrset-order { [ class string ] [ type string ] [ name
691 quoted_string ] string string; ... };
692 send-cookie boolean;
693 serial-update-method ( date | increment | unixtime );
694 server netprefix {
695 bogus boolean;
696 edns boolean;
697 edns-udp-size integer;
698 edns-version integer;
699 keys server_key;
700 max-udp-size integer;
701 notify-source ( ipv4_address | * ) [ port ( integer | *
702 ) ] [ dscp integer ];
703 notify-source-v6 ( ipv6_address | * ) [ port ( integer
704 | * ) ] [ dscp integer ];
705 padding integer;
706 provide-ixfr boolean;
707 query-source ( ( [ address ] ( ipv4_address | * ) [ port
708 ( integer | * ) ] ) | ( [ [ address ] (
709 ipv4_address | * ) ] port ( integer | * ) ) ) [
710 dscp integer ];
711 query-source-v6 ( ( [ address ] ( ipv6_address | * ) [
712 port ( integer | * ) ] ) | ( [ [ address ] (
713 ipv6_address | * ) ] port ( integer | * ) ) ) [
714 dscp integer ];
715 request-expire boolean;
716 request-ixfr boolean;
717 request-nsid boolean;
718 send-cookie boolean;
719 tcp-keepalive boolean;
720 tcp-only boolean;
721 transfer-format ( many-answers | one-answer );
722 transfer-source ( ipv4_address | * ) [ port ( integer |
723 * ) ] [ dscp integer ];
724 transfer-source-v6 ( ipv6_address | * ) [ port (
725 integer | * ) ] [ dscp integer ];
726 transfers integer;
727 };
728 servfail-ttl duration;
729 sig-signing-nodes integer;
730 sig-signing-signatures integer;
731 sig-signing-type integer;
732 sig-validity-interval integer [ integer ];
733 sortlist { address_match_element; ... };
734 stale-answer-client-timeout ( disabled | off | integer );
735 stale-answer-enable boolean;
736 stale-answer-ttl duration;
737 stale-cache-enable boolean;
738 stale-refresh-time duration;
739 synth-from-dnssec boolean;
740 transfer-format ( many-answers | one-answer );
741 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
742 dscp integer ];
743 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
744 ] [ dscp integer ];
745 trust-anchor-telemetry boolean; // experimental
746 trust-anchors { string ( static-key |
747 initial-key | static-ds | initial-ds
748 ) integer integer integer
749 quoted_string; ... };
750 trusted-keys { string
751 integer integer
752 integer
753 quoted_string; ... };, deprecated
754 try-tcp-refresh boolean;
755 update-check-ksk boolean;
756 use-alt-transfer-source boolean;
757 v6-bias integer;
758 validate-except { string; ... };
759 zero-no-soa-ttl boolean;
760 zero-no-soa-ttl-cache boolean;
761 zone string [ class ] {
762 allow-notify { address_match_element; ... };
763 allow-query { address_match_element; ... };
764 allow-query-on { address_match_element; ... };
765 allow-transfer { address_match_element; ... };
766 allow-update { address_match_element; ... };
767 allow-update-forwarding { address_match_element; ... };
768 also-notify [ port integer ] [ dscp integer ] { (
769 remote-servers | ipv4_address [ port integer ] |
770 ipv6_address [ port integer ] ) [ key string ];
771 ... };
772 alt-transfer-source ( ipv4_address | * ) [ port (
773 integer | * ) ] [ dscp integer ];
774 alt-transfer-source-v6 ( ipv6_address | * ) [ port (
775 integer | * ) ] [ dscp integer ];
776 auto-dnssec ( allow | maintain | off );
777 check-dup-records ( fail | warn | ignore );
778 check-integrity boolean;
779 check-mx ( fail | warn | ignore );
780 check-mx-cname ( fail | warn | ignore );
781 check-names ( fail | warn | ignore );
782 check-sibling boolean;
783 check-spf ( warn | ignore );
784 check-srv-cname ( fail | warn | ignore );
785 check-wildcard boolean;
786 database string;
787 delegation-only boolean;
788 dialup ( notify | notify-passive | passive | refresh |
789 boolean );
790 dlz string;
791 dnskey-sig-validity integer;
792 dnssec-dnskey-kskonly boolean;
793 dnssec-loadkeys-interval integer;
794 dnssec-policy string;
795 dnssec-secure-to-insecure boolean;
796 dnssec-update-mode ( maintain | no-resign );
797 file quoted_string;
798 forward ( first | only );
799 forwarders [ port integer ] [ dscp integer ] { (
800 ipv4_address | ipv6_address ) [ port integer ] [
801 dscp integer ]; ... };
802 in-view string;
803 inline-signing boolean;
804 ixfr-from-differences boolean;
805 journal quoted_string;
806 key-directory quoted_string;
807 masterfile-format ( map | raw | text );
808 masterfile-style ( full | relative );
809 masters [ port integer ] [ dscp integer ] { (
810 remote-servers | ipv4_address [ port integer ] |
811 ipv6_address [ port integer ] ) [ key string ];
812 ... };
813 max-ixfr-ratio ( unlimited | percentage );
814 max-journal-size ( default | unlimited | sizeval );
815 max-records integer;
816 max-refresh-time integer;
817 max-retry-time integer;
818 max-transfer-idle-in integer;
819 max-transfer-idle-out integer;
820 max-transfer-time-in integer;
821 max-transfer-time-out integer;
822 max-zone-ttl ( unlimited | duration );
823 min-refresh-time integer;
824 min-retry-time integer;
825 multi-master boolean;
826 notify ( explicit | master-only | primary-only | boolean );
827 notify-delay integer;
828 notify-source ( ipv4_address | * ) [ port ( integer | *
829 ) ] [ dscp integer ];
830 notify-source-v6 ( ipv6_address | * ) [ port ( integer
831 | * ) ] [ dscp integer ];
832 notify-to-soa boolean;
833 parental-agents [ port integer ] [ dscp integer ] { (
834 remote-servers | ipv4_address [ port integer ] |
835 ipv6_address [ port integer ] ) [ key string ];
836 ... };
837 parental-source ( ipv4_address | * ) [ port ( integer |
838 * ) ] [ dscp integer ];
839 parental-source-v6 ( ipv6_address | * ) [ port (
840 integer | * ) ] [ dscp integer ];
841 primaries [ port integer ] [ dscp integer ] { (
842 remote-servers | ipv4_address [ port integer ] |
843 ipv6_address [ port integer ] ) [ key string ];
844 ... };
845 request-expire boolean;
846 request-ixfr boolean;
847 serial-update-method ( date | increment | unixtime );
848 server-addresses { ( ipv4_address | ipv6_address ); ... };
849 server-names { string; ... };
850 sig-signing-nodes integer;
851 sig-signing-signatures integer;
852 sig-signing-type integer;
853 sig-validity-interval integer [ integer ];
854 transfer-source ( ipv4_address | * ) [ port ( integer |
855 * ) ] [ dscp integer ];
856 transfer-source-v6 ( ipv6_address | * ) [ port (
857 integer | * ) ] [ dscp integer ];
858 try-tcp-refresh boolean;
859 type ( primary | master | secondary | slave | mirror |
860 delegation-only | forward | hint | redirect |
861 static-stub | stub );
862 update-check-ksk boolean;
863 update-policy ( local | { ( deny | grant ) string (
864 6to4-self | external | krb5-self | krb5-selfsub |
865 krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
866 name | self | selfsub | selfwild | subdomain | tcp-self
867 | wildcard | zonesub ) [ string ] rrtypelist; ... };
868 use-alt-transfer-source boolean;
869 zero-no-soa-ttl boolean;
870 zone-statistics ( full | terse | none | boolean );
871 };
872 zone-statistics ( full | terse | none | boolean );
873 };
874
875 ZONE
876 zone string [ class ] {
877 allow-notify { address_match_element; ... };
878 allow-query { address_match_element; ... };
879 allow-query-on { address_match_element; ... };
880 allow-transfer { address_match_element; ... };
881 allow-update { address_match_element; ... };
882 allow-update-forwarding { address_match_element; ... };
883 also-notify [ port integer ] [ dscp integer ] { (
884 remote-servers | ipv4_address [ port integer ] |
885 ipv6_address [ port integer ] ) [ key string ]; ... };
886 alt-transfer-source ( ipv4_address | * ) [ port ( integer | * )
887 ] [ dscp integer ];
888 alt-transfer-source-v6 ( ipv6_address | * ) [ port ( integer |
889 * ) ] [ dscp integer ];
890 auto-dnssec ( allow | maintain | off );
891 check-dup-records ( fail | warn | ignore );
892 check-integrity boolean;
893 check-mx ( fail | warn | ignore );
894 check-mx-cname ( fail | warn | ignore );
895 check-names ( fail | warn | ignore );
896 check-sibling boolean;
897 check-spf ( warn | ignore );
898 check-srv-cname ( fail | warn | ignore );
899 check-wildcard boolean;
900 database string;
901 delegation-only boolean;
902 dialup ( notify | notify-passive | passive | refresh | boolean );
903 dlz string;
904 dnskey-sig-validity integer;
905 dnssec-dnskey-kskonly boolean;
906 dnssec-loadkeys-interval integer;
907 dnssec-policy string;
908 dnssec-secure-to-insecure boolean;
909 dnssec-update-mode ( maintain | no-resign );
910 file quoted_string;
911 forward ( first | only );
912 forwarders [ port integer ] [ dscp integer ] { ( ipv4_address
913 | ipv6_address ) [ port integer ] [ dscp integer ]; ... };
914 in-view string;
915 inline-signing boolean;
916 ixfr-from-differences boolean;
917 journal quoted_string;
918 key-directory quoted_string;
919 masterfile-format ( map | raw | text );
920 masterfile-style ( full | relative );
921 masters [ port integer ] [ dscp integer ] { ( remote-servers
922 | ipv4_address [ port integer ] | ipv6_address [ port
923 integer ] ) [ key string ]; ... };
924 max-ixfr-ratio ( unlimited | percentage );
925 max-journal-size ( default | unlimited | sizeval );
926 max-records integer;
927 max-refresh-time integer;
928 max-retry-time integer;
929 max-transfer-idle-in integer;
930 max-transfer-idle-out integer;
931 max-transfer-time-in integer;
932 max-transfer-time-out integer;
933 max-zone-ttl ( unlimited | duration );
934 min-refresh-time integer;
935 min-retry-time integer;
936 multi-master boolean;
937 notify ( explicit | master-only | primary-only | boolean );
938 notify-delay integer;
939 notify-source ( ipv4_address | * ) [ port ( integer | * ) ] [
940 dscp integer ];
941 notify-source-v6 ( ipv6_address | * ) [ port ( integer | * ) ]
942 [ dscp integer ];
943 notify-to-soa boolean;
944 parental-agents [ port integer ] [ dscp integer ] { (
945 remote-servers | ipv4_address [ port integer ] |
946 ipv6_address [ port integer ] ) [ key string ]; ... };
947 parental-source ( ipv4_address | * ) [ port ( integer | * ) ] [
948 dscp integer ];
949 parental-source-v6 ( ipv6_address | * ) [ port ( integer | * )
950 ] [ dscp integer ];
951 primaries [ port integer ] [ dscp integer ] { (
952 remote-servers | ipv4_address [ port integer ] |
953 ipv6_address [ port integer ] ) [ key string ]; ... };
954 request-expire boolean;
955 request-ixfr boolean;
956 serial-update-method ( date | increment | unixtime );
957 server-addresses { ( ipv4_address | ipv6_address ); ... };
958 server-names { string; ... };
959 sig-signing-nodes integer;
960 sig-signing-signatures integer;
961 sig-signing-type integer;
962 sig-validity-interval integer [ integer ];
963 transfer-source ( ipv4_address | * ) [ port ( integer | * ) ] [
964 dscp integer ];
965 transfer-source-v6 ( ipv6_address | * ) [ port ( integer | * )
966 ] [ dscp integer ];
967 try-tcp-refresh boolean;
968 type ( primary | master | secondary | slave | mirror |
969 delegation-only | forward | hint | redirect | static-stub |
970 stub );
971 update-check-ksk boolean;
972 update-policy ( local | { ( deny | grant ) string ( 6to4-self |
973 external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
974 | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
975 | subdomain | tcp-self | wildcard | zonesub ) [ string ]
976 rrtypelist; ... };
977 use-alt-transfer-source boolean;
978 zero-no-soa-ttl boolean;
979 zone-statistics ( full | terse | none | boolean );
980 };
981
983 /etc/named.conf
984
986 ddns-confgen(8), named(8), named-checkconf(8), rndc(8), rndc-conf‐
987 gen(8), BIND 9 Administrator Reference Manual.
988
990 Internet Systems Consortium
991
993 2022, Internet Systems Consortium
994
995
996
997
9989.16.30-RH NAMED.CONF(5)